summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docker/Dockerfile.gitolite25
-rwxr-xr-xdocker/gitolite_init.sh6
-rw-r--r--gitolite/Dockerfile51
-rw-r--r--gitolite/dotfiles/.gitconfig (renamed from conf/.gitconfig)2
-rw-r--r--gitolite/dotfiles/.gitolite.rc (renamed from conf/.gitolite.rc)4
-rwxr-xr-xgitolite/dotfiles/local/triggers/push (renamed from local/triggers/push)0
-rwxr-xr-xgitolite/entrypoint.sh15
-rw-r--r--gitolite/gitolite.conf (renamed from conf/gitolite.conf)2
-rwxr-xr-xgitolite/initialize.sh16
-rw-r--r--gitolite/sshd_config (renamed from docker/sshd_config)0
10 files changed, 87 insertions, 34 deletions
diff --git a/docker/Dockerfile.gitolite b/docker/Dockerfile.gitolite
deleted file mode 100644
index d2ca1ae..0000000
--- a/docker/Dockerfile.gitolite
+++ /dev/null
@@ -1,25 +0,0 @@
-# https://gitolite.com/gitolite/index.html
-# https://github.com/sitaramc/gitolite
-# https://wiki.archlinux.org/title/Gitolite
-
-FROM archlinux
-
-# The gitolite package implies git, openssh, and creates the host user
-RUN pacman-key --init
-RUN pacman -Syu --needed --noconfirm gitolite
-
-# Initialize the gitolite datastore
-COPY . /app
-RUN if [ -f "/app/admin.pub" ]; \
- then runuser -u gitolite -- /app/gitolite_init.sh "/app/admin.pub"; fi
-VOLUME /var/lib/gitolite
-
-# sshd host keys are stored in a volume so that rebuilding/updating the
-# image doesn't break user trust
-COPY sshd_config /etc/ssh/
-RUN mkdir -p /hostkeys/etc/ssh/
-RUN ssh-keygen -A -f /hostkeys
-VOLUME /hostkeys
-
-EXPOSE 22
-CMD ["/usr/bin/sshd", "-D"]
diff --git a/docker/gitolite_init.sh b/docker/gitolite_init.sh
deleted file mode 100755
index bd70222..0000000
--- a/docker/gitolite_init.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-gitolite setup -pk "$1"
-chmod 755 /var/lib/gitolite
-chmod -R 755 /var/lib/gitolite/repositories
-ln -sf .gitolite/conf/.gitolite.rc /var/lib/gitolite
-ln -sf .gitolite/conf/.gitconfig /var/lib/gitolite
diff --git a/gitolite/Dockerfile b/gitolite/Dockerfile
new file mode 100644
index 0000000..5d34312
--- /dev/null
+++ b/gitolite/Dockerfile
@@ -0,0 +1,51 @@
+# https://gitolite.com/gitolite/index.html
+# https://github.com/sitaramc/gitolite
+
+FROM debian
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install SSH and gitolite packages
+RUN apt update \
+ && apt full-upgrade --yes \
+ && apt install --yes openssh-server gitolite3 \
+ && apt clean
+
+# Create git user
+RUN useradd \
+ --uid 2000 \
+ --home-dir /git \
+ --skel /dev/null \
+ --create-home \
+ git
+
+# Install files
+COPY --chown=git:git dotfiles /git/
+COPY sshd_config /etc/ssh/
+COPY gitolite.conf entrypoint.sh initialize.sh /app/
+
+# Setup SSH keys
+# We manually generate and store host keys in a separate volume, so that
+# rebuilding the image doesn't break user trust. A key pair is generated for
+# the root user for gitolite file initialization, so we don't need a file
+# supplied by the user every time they update the image.
+RUN mkdir -p /hostkeys/etc/ssh /run/sshd \
+ && ssh-keygen -A -f /hostkeys \
+ && ssh-keygen -f /root/.ssh/id_rsa -N "" \
+ && cp /root/.ssh/id_rsa* /app
+
+# Patch `gitolite setup` script
+# The acting gitolite.conf file is managed by the gitolite-admin repository. In
+# order to install our default version of the file, we need to patch its contents
+# into the Setup.pm file in the gitolite installation. This helps maintain
+# separation of normalmode and gitolite-admin version control.
+RUN grep -B1000000 __DATA__ /usr/share/gitolite3/lib/Gitolite/Setup.pm >/app/Setup.pm \
+ && cat /app/gitolite.conf >>/app/Setup.pm \
+ && cp /app/Setup.pm /usr/share/gitolite3/lib/Gitolite/Setup.pm
+
+# Initialize gitolite files
+RUN su git -c "gitolite setup -pk /app/id_rsa.pub" \
+ && chmod -R 755 /git/repositories
+
+EXPOSE 22
+CMD ["/app/entrypoint.sh"]
diff --git a/conf/.gitconfig b/gitolite/dotfiles/.gitconfig
index a998fec..6e33a9e 100644
--- a/conf/.gitconfig
+++ b/gitolite/dotfiles/.gitconfig
@@ -4,3 +4,5 @@
useConfigOnly = true
name = gitolite
email = gitolite
+[receive]
+ denyDeleteCurrent = warn
diff --git a/conf/.gitolite.rc b/gitolite/dotfiles/.gitolite.rc
index 25a5231..eefc022 100644
--- a/conf/.gitolite.rc
+++ b/gitolite/dotfiles/.gitolite.rc
@@ -74,12 +74,12 @@
# suggested locations for site-local gitolite code (see cust.html)
# this one is managed directly on the server
- # LOCAL_CODE => "$ENV{HOME}/local",
+ LOCAL_CODE => "$ENV{HOME}/local",
# or you can use this, which lets you put everything in a subdirectory
# called "local" in your gitolite-admin repo. For a SECURITY WARNING
# on this, see http://gitolite.com/gitolite/non-core.html#pushcode
- LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
+ # LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
# ------------------------------------------------------------------
diff --git a/local/triggers/push b/gitolite/dotfiles/local/triggers/push
index 7a3cb56..7a3cb56 100755
--- a/local/triggers/push
+++ b/gitolite/dotfiles/local/triggers/push
diff --git a/gitolite/entrypoint.sh b/gitolite/entrypoint.sh
new file mode 100755
index 0000000..613a968
--- /dev/null
+++ b/gitolite/entrypoint.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# On startup of the gitolite container, force a receive of the gitolite-admin
+# files from the persistent volume, to cause the user's real pubkeys and config
+# files to take effect.
+main() {
+ sleep 5
+ ssh -o StrictHostKeyChecking=accept-new git@localhost info # cache hostkey
+ git clone --bare git@localhost:gitolite-admin.git /tmp/gladmin.git
+ git --git-dir=/tmp/gladmin.git push origin :master # remove rmt master
+ git --git-dir=/tmp/gladmin.git push origin master # replace rmt master
+}
+
+main &
+/usr/sbin/sshd -D
diff --git a/conf/gitolite.conf b/gitolite/gitolite.conf
index a1602d0..89eb558 100644
--- a/conf/gitolite.conf
+++ b/gitolite/gitolite.conf
@@ -1,4 +1,4 @@
-@administrators = admin
+@administrators = %ADMIN
repo gitolite-admin
RW+ = @administrators
diff --git a/gitolite/initialize.sh b/gitolite/initialize.sh
new file mode 100755
index 0000000..6806acd
--- /dev/null
+++ b/gitolite/initialize.sh
@@ -0,0 +1,16 @@
+#!/bin/bash -e
+
+# This script is manually invoked when first setting up a site to initialize the
+# gitolite repositories database and set up a user-supplied pubkey for initial
+# administrator access.
+
+echo -e "This will erase data in the gitolite repository volume!"
+echo -e "One SSH pubkey will be used as the initial administrator of the new install."
+echo -e "\nKey selected: $1"
+cat "/tmp/$1"
+echo -e "\nPress Enter/Return to continue..."
+
+read -r confirm
+
+rm -rf /git/.gitolite /git/repositories/*
+su git -c "gitolite setup -pk /tmp/$1"
diff --git a/docker/sshd_config b/gitolite/sshd_config
index efc0c52..efc0c52 100644
--- a/docker/sshd_config
+++ b/gitolite/sshd_config